Index: trunk/kernel/action.php
===================================================================
diff -u -r562 -r568
--- trunk/kernel/action.php	(.../action.php)	(revision 562)
+++ trunk/kernel/action.php	(.../action.php)	(revision 568)
@@ -1594,7 +1594,7 @@
          	$Template .= "\n";
          }
 		 $Template = str_replace("\n\n","",$Template);                     
-         $Template .= "Subject: ".$_POST["subject"]."\n\n";
+         $Template .= "Subject: "._unhtmlentities($_POST['subject'])."\n\n";
          $Template .= $_POST["messageBody"];
          $objMessages = new clsEmailMessageList();
          $objMessages->SourceTable = $objSession->GetEditTable("EmailMessage");